Kevin Kofler discovered several stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp, a MusicBrainz tagging library, which allow remote attackers to cause a denial of service or execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in version 0.3.0-3sarge2.

For the unstable distribution (sid) these problems have been fixed in version 0.4.2-4.

We recommend that you upgrade your libtunepimp packages.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory: